Allow customization of keys_only & paranoid SSH

This adds two new SSH configuration options:

- `keys_only`
- `paranoid`

These values were previously hard-coded, but can now be user-specified.

Fixes GH-4275
This commit is contained in:
Seth Vargo 2016-05-29 17:58:44 -04:00
parent 791ad7ac8e
commit d44fcf2d52
No known key found for this signature in database
GPG Key ID: 905A90C2949E8787
4 changed files with 20 additions and 2 deletions

View File

@ -434,6 +434,8 @@ module Vagrant
info[:host] ||= @config.ssh.default.host info[:host] ||= @config.ssh.default.host
info[:port] ||= @config.ssh.default.port info[:port] ||= @config.ssh.default.port
info[:private_key_path] ||= @config.ssh.default.private_key_path info[:private_key_path] ||= @config.ssh.default.private_key_path
info[:keys_only] ||= @config.ssh.default.keys_only
info[:paranoid] ||= @config.ssh.default.paranoid
info[:username] ||= @config.ssh.default.username info[:username] ||= @config.ssh.default.username
# We set overrides if they are set. These take precedence over # We set overrides if they are set. These take precedence over

View File

@ -335,8 +335,8 @@ module VagrantPlugins
forward_agent: ssh_info[:forward_agent], forward_agent: ssh_info[:forward_agent],
send_env: ssh_info[:forward_env], send_env: ssh_info[:forward_env],
keys: ssh_info[:private_key_path], keys: ssh_info[:private_key_path],
keys_only: true, keys_only: ssh_info[:keys_only],
paranoid: false, paranoid: ssh_info[:paranoid],
password: ssh_info[:password], password: ssh_info[:password],
port: ssh_info[:port], port: ssh_info[:port],
timeout: 15, timeout: 15,

View File

@ -7,6 +7,8 @@ module VagrantPlugins
attr_accessor :username attr_accessor :username
attr_accessor :password attr_accessor :password
attr_accessor :insert_key attr_accessor :insert_key
attr_accessor :keys_only
attr_accessor :paranoid
def initialize def initialize
@host = UNSET_VALUE @host = UNSET_VALUE
@ -15,6 +17,8 @@ module VagrantPlugins
@username = UNSET_VALUE @username = UNSET_VALUE
@password = UNSET_VALUE @password = UNSET_VALUE
@insert_key = UNSET_VALUE @insert_key = UNSET_VALUE
@keys_only = UNSET_VALUE
@paranoid = UNSET_VALUE
end end
def finalize! def finalize!
@ -24,6 +28,8 @@ module VagrantPlugins
@username = nil if @username == UNSET_VALUE @username = nil if @username == UNSET_VALUE
@password = nil if @password == UNSET_VALUE @password = nil if @password == UNSET_VALUE
@insert_key = true if @insert_key == UNSET_VALUE @insert_key = true if @insert_key == UNSET_VALUE
@keys_only = true if @keys_only == UNSET_VALUE
@paranoid = false if @paranoid == UNSET_VALUE
if @private_key_path && !@private_key_path.is_a?(Array) if @private_key_path && !@private_key_path.is_a?(Array)
@private_key_path = [@private_key_path] @private_key_path = [@private_key_path]

View File

@ -62,6 +62,16 @@ the machine, but replace it with perhaps a more secure key later.
<hr> <hr>
`config.ssh.keys_only` - Only use Vagrant-provided SSH private keys (do not use
any keys stored in ssh-agent). The default value is `true`.`
<hr>
`config.ssh.paranoid` - Perform strict host-key verification. The default value
is `true`.
<hr>
`config.ssh.forward_agent` - If `true`, agent forwarding over SSH `config.ssh.forward_agent` - If `true`, agent forwarding over SSH
connections is enabled. Defaults to false. connections is enabled. Defaults to false.